I created an AWS instance to put a NethServer in Amazon Web Services.
When I try to access port 22 or 980 from red, it works perfectly. But when I try to access port 9090, it works or not depending on the IP. I read that the Shorewall firewall only works on IPv4. Maybe it is transparent for IPv6 addresses?
So, why is Shorewall blocking cockpit (9090) on red?
I see that there are network services defined for 980 and 22 (or 2221), but I cannot see a network service defined for cockpit 9090 to put a rule and open it in Shorewall for red.
The default configuration for port 9090 should be the same as for 980 or 2221, right? Access open from everywhere on the Internet.
I even see a rule in Shorewall to open port 9090 to my computer (static IP), which I used when I installed NethServer. Why is my IP there? It could be that access to port 9090 is enabled only for my computer.
More specifically:
NethServer uses the template /etc/e-smith/templates/etc/shorewall/rules/70cockpit
#
# 60cockpit
#
?COMMENT cockpit
{
    my $port = '9090';
    my $access = ${'cockpit.socket'}{'access'} || 'green';
    my $limit = ${'cockpit.socket'}{'LimitAccess'} || '';
    if ($limit ne '') {
        $limit = ":$limit";
    }
    if ($access =~ 'green') {
        $OUT .= "ACCEPT\tloc\t\$FW\ttcp\t$port\n";
    }
    if ($access =~ 'red') {
        $OUT .= "ACCEPT\tnet$limit\t\$FW\ttcp\t$port\n";
    }
}
to build in /etc/shorewall/rules
# previous rules...
#
# 60cockpit
#
?COMMENT cockpit
ACCEPT loc $FW tcp 9090
ACCEPT net:xxx.xxx.xxx.xxx $FW tcp 9090 # I removed my static IP
# ... more rules
The patch for my NethServer is:
When I added this after this block (or added it as a template):
#
# 65mycockpit
#
?COMMENT mycockpit
ACCEPT loc $FW tcp 9090
ACCEPT net $FW tcp 9090
It allows me to access cockpit from everywhere.
I hope that helps.
Best regards
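
Added example (not part of the original post and not NethServer's own code): a shell function that reads a Shorewall rules file and reports whether a TCP port is reachable from the whole red zone (net), only from listed sources (net:address, as the LimitAccess prop produces), or not at all. The function name port_exposure and the sample address 192.0.2.10 are assumptions made for this illustration.

```shell
#!/bin/sh
# Report how a Shorewall rules file exposes a TCP port on the red zone (net).
# Prints "open", "restricted:<sources>" or "closed".
port_exposure() {
    # $1 = rules file, $2 = TCP port (default 9090, the cockpit port)
    awk -v want="${2:-9090}" '
        /^[ \t]*(#|\?)/ { next }          # skip comments and ?COMMENT directives
        { sub(/[ \t]*#.*/, "") }          # strip trailing comments
        NF < 5 { next }
        $1 !~ /^ACCEPT/ || $3 != "$FW" || $4 != "tcp" { next }
        $2 != "net" && $2 !~ /^net:/ { next }   # only rules sourced from red
        {
            hit = 0
            n = split($5, ports, ",")           # DPORT may be a list
            for (i = 1; i <= n; i++) {
                m = split(ports[i], r, ":")     # Shorewall ranges are low:high
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (want + 0 >= lo && want + 0 <= hi) hit = 1
            }
            if (!hit) next
            if ($2 == "net") is_open = 1        # no source restriction
            else { src = substr($2, 5); hosts = hosts (hosts ? "," : "") src }
        }
        END {
            if (is_open) print "open"
            else if (hosts) print "restricted:" hosts
            else print "closed"
        }
    ' "$1"
}

# Constructed sample mirroring the generated rules quoted in the post;
# 192.0.2.10 is a documentation address standing in for the redacted IP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
?COMMENT cockpit
ACCEPT loc $FW tcp 9090
ACCEPT net:192.0.2.10 $FW tcp 9090 # constructed address
EOF
port_exposure "$sample"
```

On the server it would be run as port_exposure /etc/shorewall/rules; it only understands plain ACCEPT lines with the columns shown in the post, not Shorewall macros.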